Alvin Cross

GDPR was introduced in April 2016 with a 2 year transition period, due to commence in May 2018. The new EU ‘General Data Protection Regulation’ has set new standards and rules for how consumer data can be used. Ignoring the new data security procedures can result in serious fines. If your company has its data breached, it can expect fines of up to 20 million Euros or 4% of its global annual turnover.

We can help your organisation to prepare for GDPR by ensuring that your company has a secure IT setup, data storage, security solutions and ongoing managed IT support. Read on for our top tips on preparing for the new regulation:

Train and test your users. Phishing attacks are becoming more common than ever, so it is important that your staff receive security awareness training to help them identify a phishing attack.

Protecting the server alone is not enough; you also need to consider:

A well configured firewall

Endpoint security software

APT Blocker (to protect against advanced threats, such as Ransomware)

Ensure staff have strong passwords: a minimum of 12 characters, using a combination of numbers, symbols, capital letters and lowercase letters. Try to avoid dictionary words as well.

Have a detailed plan for a data breach, setting out the steps you will take in response.

Test for vulnerabilities with regular scans.

If you would like to speak with a member of our team about this new regulation, please email sales@redinet.co.uk or call 020 8249 7000.

The arrival of new ransomware variants such as Locky and Cryptowall has led experts to call 2016 the year of ransomware. Professionals are now predicting that ransomware will continue to grow in sophistication in 2017.

A recent CSO Online article featured predictions on what to expect from ransomware in 2017. In the article, WatchGuard CTO Corey Nachreiner predicts that 2017 will see the first ever ‘ransomworm’, causing ransomware to spread even faster:

“Years ago, network worms like CodeRed, SQL Slammer, and more recently, Conficker were pretty common. Hackers exploited network vulnerabilities and tricks to make malware automatically spread itself over networks. Now, imagine ransomware attached to a network worm. After infecting one victim, it would tirelessly copy itself to every computer on your local network it could reach. Whether or not you want to imagine such a scenario, I guarantee that cyber criminals are already thinking about it.”

CEO email attacks are becoming very well known now and there have been numerous recent cases reported in the media.

The emails are clearly being produced manually, by individuals who are probably using social media to track when suitably high-level people within a department are away on holiday or otherwise absent. These are not automated attacks, but manual, intelligent attacks by a person doing a fair amount of research on the company. They will often find out the CEO’s name and email address, and the names and email addresses of key people within the company. The CEO email is the key to this scam: it adds authenticity and authorisation to the fraudulent email.

So what do the attackers usually include in the email? The basic premise of the scam is that the attacker sends an email pretending to be the CEO of the company or another high-level person, and requests sensitive information or money transfers. Attackers are known to interact fully with the targeted staff member, with multiple emails going back and forth before the scam is completed.

We work with providers such as Mimecast who are able to offer CEO protect services, TTP and URL protect. Please get in touch with us to find out how we can help to protect you and your business against CEO email scams.